Erik van Straten<p>Public key cryptografie voor leken</p><p>Het is een beetje behelpen met "ASCII graphics", maar in <a href="https://www.security.nl/posting/884482/Public+keys+voor+leken" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">security.nl/posting/884482/Pub</span><span class="invisible">lic+keys+voor+leken</span></a> probeer ik, ook aan minder digitaal vaardigen, uit te leggen hoe asymmetrische cryptografie werkt.</p><p>Doe er uw voordeel mee, want deze techniek is een belangrijk fundament van de steeds verder digtaliserende maatschappij.</p><p>U leert hoe een digitale handtekening werkt en wat een digitaal certificaat is.</p><p>Veel te weinig mensen begrijpen dat goed, en dat bemoeilijkt een fatsoenlijke discussie over deze technieken enorm.</p><p>Big tech is de lachende derde: zij maximaliseren hun winsten terwijl alle risico's voor uw rekening komen.</p><p><a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVcerts</span></a> <a href="https://infosec.exchange/tags/EchtVanNepKunnenOnderscheiden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EchtVanNepKunnenOnderscheiden</span></a> <a href="https://infosec.exchange/tags/NepVanEchtKunnenOnderscheiden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NepVanEchtKunnenOnderscheiden</span></a> <a href="https://infosec.exchange/tags/NepWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NepWebsites</span></a> <a href="https://infosec.exchange/tags/BankHelpdeskFraude" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BankHelpdeskFraude</span></a> <a href="https://infosec.exchange/tags/OnlineOplichting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OnlineOplichting</span></a> <a href="https://infosec.exchange/tags/EDIW" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EDIW</span></a> <a href="https://infosec.exchange/tags/EUDIW" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EUDIW</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/BasisKennis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BasisKennis</span></a> <a href="https://infosec.exchange/tags/Encryptie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Encryptie</span></a> <a href="https://infosec.exchange/tags/Cryptografie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cryptografie</span></a> <a href="https://infosec.exchange/tags/DigitaleVaardigheden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DigitaleVaardigheden</span></a> <a href="https://infosec.exchange/tags/PublicKeyCryptografie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PublicKeyCryptografie</span></a> <a href="https://infosec.exchange/tags/AsymmetrischeCryptografie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AsymmetrischeCryptografie</span></a> <a href="https://infosec.exchange/tags/PrivateKey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PrivateKey</span></a> <a href="https://infosec.exchange/tags/PubliekeSleutel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PubliekeSleutel</span></a> <a href="https://infosec.exchange/tags/PrivateSleutel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PrivateSleutel</span></a></p>
Frühere Suchanfragen
Keine früheren Suchanfragen
Suchoptionen
Nur verfügbar, wenn angemeldet.
nrw.social ist einer von vielen unabhängigen Mastodon-Servern, mit dem du dich im Fediverse beteiligen kannst.
Wir sind eine freundliche Mastodon Instanz aus Nordrhein-Westfalen. Ob NRW'ler oder NRW-Sympathifanten, jeder ist hier willkommen.
Verwaltet von:
Serverstatistik:
2,8 Tsd.aktive Profile
nrw.social: Über · Status · Profilverzeichnis · Impressum/Datenschutz
Mastodon: Über · App herunterladen · Tastenkombinationen · Quellcode anzeigen · v4.3.7
#AiTM
0 Beiträge · 0 Beteiligte · 0 Beiträge heute
Erik van Straten<p><span class="h-card" translate="no"><a href="https://chaos.social/@fleaz" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>fleaz</span></a></span> : it's not MultiMultiFactorAuthentication but 1FA max.</p><p>Assuming that you don't use those hardware keys to generate TOTP codes (which are pointless when confronted with the likes of <a href="https://infosec.exchange/tags/Evilginx2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Evilginx2</span></a>), but use WebAuthn instead (FIDO2 passkeys in hardware keys), everything depends on one factor: the domain name of the website.</p><p>1️⃣ DV-CERTS SUCK<br>It is not very common that certificates are issued to malicious parties, but it *does* happen now and then (<a href="https://infosec.exchange/@ErikvanStraten/112914050216821746" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/112914050216821746</span></a>).</p><p>2️⃣ SUBDOMAINS<br>Furthermore, sometimes organizations have "dangling" subdomain names. For example,</p><p> test.example.com</p><p>may point to the IP-adress of some cloud server no longer used by example.com. Anyone with write access to that server may install a fake "test.example.com" website and phish you to it. It *may* be used to phish your WebAuthm credentials *if* "example.com" does not explicitly *DENY* WebAuthn from "test.example.com".</p><p>See <a href="https://github.com/w3ctag/design-reviews/issues/97#issuecomment-175766580" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/w3ctag/design-revie</span><span class="invisible">ws/issues/97#issuecomment-175766580</span></a> for how Google prevents "sites.google.com" from authenticating to "google.com".</p><p>3️⃣ DNS HACKED<br>It may not be neccessary to execute BGP-hijacks to redirect network traffic to an impostor: it also all depends on how reliable DNS records are protected against unauthorized access. If the dude in charge for DNS uses a stupid password only, or the DNS provider is easily fooled into believing "I forgot my creds", it's game over. The crooks will obtain a DV-cert in no time, no questions asked, for free.</p><p>4️⃣ All the bells and whistless are moot if there's an alternative way to log in (such as by using a 1FA rescue code) and the user is fooled into providing it (after they've been lied to that their WebAithn public key on the server became corrupted or was lost otherwise).</p><p>5️⃣ Cloudflare MitM's https connections (it's not a secret: <a href="https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.cloudflare.com/password-r</span><span class="invisible">euse-rampant-half-user-logins-compromised/</span></a>). The same applies to any server you log in to, which is accessible by untrustworthy personnel. They can steal your session cookie.</p><p>6️⃣ In the end MFA/2FA is a hoax anyway, because the session cookie (or JWT or whatever) is 1FA anyway.</p><p>Did I mention the risks of account lockout with hardware keys that cannot be backupped? And the mess it is to keep at least one other hardware key synchronized if it's in a vault? And the limitation of, for example, 25 WebAuthn accounts max? And (unpatcheable) vulnerabilities found in hardware keys? And their price? And how easy it is to forget or loose them?</p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@odr_k4tana" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>odr_k4tana</span></a></span> </p><p><a href="https://infosec.exchange/tags/1FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>1FA</span></a> <a href="https://infosec.exchange/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>2FA</span></a> <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MFA</span></a> <a href="https://infosec.exchange/tags/JWT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JWT</span></a> <a href="https://infosec.exchange/tags/SessionCookie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SessionCookie</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FIDO2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FIDO2</span></a> <a href="https://infosec.exchange/tags/WebAuthn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebAuthn</span></a> <a href="https://infosec.exchange/tags/Yubikey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Yubikey</span></a> <a href="https://infosec.exchange/tags/Titan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Titan</span></a> <a href="https://infosec.exchange/tags/BGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BGP</span></a> <a href="https://infosec.exchange/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNS</span></a></p>
Erik van Straten<p>'Undo' Israel's offensive cyber collapse?</p><p>On Monday April 7 (2025) Netanyahu will probably try to convince Trump to 'Make Israel's Offensive Cyber Industry Great Again', including the likes of NSO (*).</p><p>(*) From (extremely pro-Zionist) <a href="https://www.israelhayom.com/2025/04/04/how-the-us-led-to-israels-offensive-cyber-collapse/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">israelhayom.com/2025/04/04/how</span><span class="invisible">-the-us-led-to-israels-offensive-cyber-collapse/</span></a>:<br>❝ [...]<br>The 2018 murder of Saudi journalist Jamal Khashoggi, a case that implicated NSO, marked a turning point in American policy toward offensive cyber generally and Israeli companies specifically.<br>[...]<br>Everything changed in November 2021, however, when the US Department of Commerce announced that two leading Israeli cyber companies – NSO and Candiru – had been added to the "Entity List" of organizations whose activities conflict with American national security interests.<br>[...] ❞</p><p>I expect Trump to be all ears, and to handle accordingly. Be careful out there.</p><p><a href="https://infosec.exchange/tags/FreePress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FreePress</span></a> <a href="https://infosec.exchange/tags/JamalKhashoggi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JamalKhashoggi</span></a> <a href="https://infosec.exchange/tags/YouMayBeNext" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>YouMayBeNext</span></a> <a href="https://infosec.exchange/tags/FreedomOfSpeech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FreedomOfSpeech</span></a> <a href="https://infosec.exchange/tags/Khashoggi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Khashoggi</span></a> <a href="https://infosec.exchange/tags/JusticeForJamalKhashoggi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JusticeForJamalKhashoggi</span></a> <a href="https://infosec.exchange/tags/CyberWar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberWar</span></a> <a href="https://infosec.exchange/tags/CyberTerror" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberTerror</span></a> <a href="https://infosec.exchange/tags/NSO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NSO</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/CyberTerrorism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberTerrorism</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/FrancescaAlbaneseIsRight" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FrancescaAlbaneseIsRight</span></a></p>
Infoblox Threat Intel<p>This week, we encountered a new phishing campaign utilizing the Tycoon 2FA Phishing-as-a-Service (PhaaS) to bypass multifactor authentication (MFA).</p><p>The RDGA domains have Russian TLDs but are hosted on CloudFlare infrastructure. We have been seeing them use shared infrastructure for a few months now, definitely trying to make detection more challenging. They continue to obfuscate every piece of code but have updated their verification page. Previously, we always saw their custom Cloudflare Turnstile page, but now they also use a new captcha challenge, as shown below.(You can also check it here <a href="https://urlscan.io/result/0195ed8b-7a48-7348-a814-0a058571b51e/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">urlscan.io/result/0195ed8b-7a4</span><span class="invisible">8-7348-a814-0a058571b51e/</span></a> )<br> <br>Their old Cloudflare Turnstile page seems to still be their favorite, even though they now change their message more frequently: "Checking response before request" or "Tracking security across platform" are some of the new messages they use.<br> <br>Here is a sample of the hundreds of domains we are detecting:<br> womivor[.]ru <br> nthecatepi[.]ru <br> toimlqdo[.]ru <br> dantherevin[.]ru <br> xptdieemy[.]ru</p><p><a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dns</span></a> <a href="https://infosec.exchange/tags/domains" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>domains</span></a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/PhaaS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PhaaS</span></a> <a href="https://infosec.exchange/tags/tycoon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tycoon</span></a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scam</span></a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybercrime</span></a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infoblox</span></a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infobloxthreatintel</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/2MFABypass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>2MFABypass</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@fl" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>fl</span></a></span> : Thanks for your response!</p><p>Extremely worrysome is that Cloudflare is very USA (FISA Section 702) and MitM's all https connections: <a href="https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.cloudflare.com/password-r</span><span class="invisible">euse-rampant-half-user-logins-compromised/</span></a></p><p><a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/FISAsection702" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FISAsection702</span></a> <a href="https://infosec.exchange/tags/NSA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NSA</span></a> <a href="https://infosec.exchange/tags/Trump" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Trump</span></a></p>
Erik van Straten<p>"Franse overheid voert phishingtest uit op 2,5 miljoen leerlingen"<br><a href="https://www.security.nl/posting/881630/Franse+overheid+voert+phishingtest+uit+op+2%2C5+miljoen+leerlingen" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">security.nl/posting/881630/Fra</span><span class="invisible">nse+overheid+voert+phishingtest+uit+op+2%2C5+miljoen+leerlingen</span></a></p><p>KRANKZINNIG!</p><p>Het is meestal onmogelijk om nepberichten (e-mail, SMS, ChatApp, social media en papieren post - zie plaatje) betrouwbaar van echte te kunnen onderscheiden.</p><p>Tegen phishing en vooral nepwebsites is echter prima iets te doen, zoals ik vandaag nogmaals beschreef in <a href="https://security.nl/posting/881655" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">security.nl/posting/881655</span><span class="invisible"></span></a>.</p><p>(Big Tech en luie websitebeheerders willen dat niet, dus is en blijft het een enorm gevecht).</p><p><a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/NepWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NepWebsites</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVcerts</span></a> <a href="https://infosec.exchange/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LetsEncrypt</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/Certificaten" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificaten</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/Evilginx2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Evilginx2</span></a> <a href="https://infosec.exchange/tags/Zwakke2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Zwakke2FA</span></a> <a href="https://infosec.exchange/tags/ZwakkeMFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ZwakkeMFA</span></a> <a href="https://infosec.exchange/tags/Weak2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Weak2FA</span></a> <a href="https://infosec.exchange/tags/WeakMFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WeakMFA</span></a> <a href="https://infosec.exchange/tags/Authenticatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authenticatie</span></a> <a href="https://infosec.exchange/tags/Impersonatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonatie</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/DomainNames" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DomainNames</span></a> <a href="https://infosec.exchange/tags/Authenticity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authenticity</span></a> <a href="https://infosec.exchange/tags/Aurhenticiteit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Aurhenticiteit</span></a> <a href="https://infosec.exchange/tags/Owner" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Owner</span></a> <a href="https://infosec.exchange/tags/Eigenaar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Eigenaar</span></a> <a href="https://infosec.exchange/tags/Verantwoordelijke" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Verantwoordelijke</span></a> <a href="https://infosec.exchange/tags/Responsible" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Responsible</span></a> <a href="https://infosec.exchange/tags/Accountable" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Accountable</span></a> <a href="https://infosec.exchange/tags/DigiD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DigiD</span></a> <a href="https://infosec.exchange/tags/SMS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SMS</span></a> <a href="https://infosec.exchange/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Email</span></a> <a href="https://infosec.exchange/tags/ChatApps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ChatApps</span></a> <a href="https://infosec.exchange/tags/Verzender" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Verzender</span></a> <a href="https://infosec.exchange/tags/Sender" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sender</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://freeradical.zone/@mensrea" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mensrea</span></a></span> : if you visit a shop (or a bank) in the center of the city, chances are near zero that it's run by impostors.</p><p>However, if you go to some vague second hand market, chances are the you will be deceived.</p><p>Possibly worse, if there's an ATM on the outside wall of a shack where Hells Angels meet, would you insert your bank card and enter your PIN?</p><p>On the web, most people do not know WHERE they are.</p><p>Big Tech is DELIBERATELY withholding essential information from people, required to determine the amount of trust that a website deserves.</p><p>DELIBERATELY, because big tech can rent much more (cheap) hosting and (meaningless) domain names to whomever if website vistors cannot distinguish between authentic and fake websites.</p><p>You are right that some people will never understand why they need to know who owns a website.</p><p>However, most people (including <span class="h-card" translate="no"><a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>troyhunt</span></a></span> ) would enormously benefit.</p><p>Like all the other deaf and blind trolls, you trash a proposal because it may be useless for SOME, you provide zero solutions and you keep bashing me.</p><p>What part of "get lost" do you not understand?</p><p><span class="h-card" translate="no"><a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>aral</span></a></span> <span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>EUCommission</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>letsencrypt</span></a></span> <span class="h-card" translate="no"><a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nlnet</span></a></span> </p><p><a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bond</span></a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dotBond</span></a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spam</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Banks</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://freeradical.zone/@mensrea" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mensrea</span></a></span> : it is not the UI/UX that is the problem. It is missing reliable info in the certs.</p><p>Image from <a href="https://infosec.exchange/@ErikvanStraten/114224682101772569" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114224682101772569</span></a></p><p><span class="h-card" translate="no"><a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>aral</span></a></span> <span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>EUCommission</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>letsencrypt</span></a></span> <span class="h-card" translate="no"><a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nlnet</span></a></span> </p><p><a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bond</span></a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dotBond</span></a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spam</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Banks</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>aral</span></a></span> :</p><p>I don't want to pay a cent. Neither donate, nor via taxes.</p><p><a href="https://infosec.exchange/@ErikvanStraten/114227977082449887" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114227977082449887</span></a></p><p><span class="h-card" translate="no"><a href="https://mstdn.social/@TheDutchChief" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>TheDutchChief</span></a></span> <span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>EUCommission</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>letsencrypt</span></a></span> <span class="h-card" translate="no"><a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nlnet</span></a></span> </p><p><a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bond</span></a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dotBond</span></a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spam</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Banks</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>aral</span></a></span> : most Let's Encrypt (and other Domain Validated) certificates are issued to junk- or plain criminal websites.</p><p>They're the ultimate manifestation of evil big tech.</p><p>They were introduced to encrypt the "last mile" because Internet Service Providers were replacing ads in webpages and, in the other direction, inserting fake clicks.</p><p>DV has destroyed the internet. People loose their ebank savings and companies get ransomwared; phishing is dead simple. EDIW/EUDIW will become an identity fraud disaster (because of AitM phishing atracks).</p><p>Even the name "Let's Encrypt" is wrong for a CSP: nobody needs a certificate to encrypt a connection. The primary purpose of a certificate is AUTHENTICATION (of the owner of the private key, in this case the website).</p><p>However, for human beings, just a domain name simply does not provide reliable identification information. It renders impersonation a peace of cake.</p><p>Decent online authentication is HARD. Get used to it instead of denying it.</p><p>REASONS/EXAMPLES</p><p>🔹 Troy Hunt fell in the DV trap: <a href="https://infosec.exchange/@ErikvanStraten/114222237036021070" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114222237036021070</span></a></p><p>🔹 Google (and Troy Hunt!) killed non-DV certs (for profit) because of the stripe.com PoC. Now Chrome does not give you any more info than what Google argumented: <a href="https://infosec.exchange/@ErikvanStraten/114224682101772569" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114224682101772569</span></a></p><p>🔹 https:⧸⧸cancel-google.com/captcha was live yesterday: <a href="https://infosec.exchange/@ErikvanStraten/114224264440704546" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114224264440704546</span></a></p><p>🔹 Stop phishing proposal: <a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/113079966331873386</span></a></p><p>🔹 Lots of reasons why LE sucks:<br><a href="https://infosec.exchange/@ErikvanStraten/112914047006977222" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/112914047006977222</span></a> (corrected link 09:20 UTC)</p><p>🔹 This website stopped registering junk .bond domain names, probably because there were too many every day (the last page I found): <a href="https://newly-registered-domains.abtdomain.com/2024-08-15-bond-newly-registered-domains-part-1/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">newly-registered-domains.abtdo</span><span class="invisible">main.com/2024-08-15-bond-newly-registered-domains-part-1/</span></a>. However, this gang is still active, open the RELATIONS tab in <a href="https://www.virustotal.com/gui/ip-address/13.248.197.209/relations" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/ip-address/</span><span class="invisible">13.248.197.209/relations</span></a>. You have to multiply the number of LE certs by approx. 5 because they also register subdomains and don't use wildcard certs. Source: <a href="https://www.bleepingcomputer.com/news/security/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/</span></a></p><p><span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>EUCommission</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>letsencrypt</span></a></span> <span class="h-card" translate="no"><a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nlnet</span></a></span> </p><p><a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/bond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bond</span></a> <a href="https://infosec.exchange/tags/dotBond" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dotBond</span></a> <a href="https://infosec.exchange/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spam</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/Banks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Banks</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.social/@BjornW" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>BjornW</span></a></span> :</p><p>I've stopped doing that after a lot of people called me an idiot and a liar if I kindly notified them. I stopped, I'll get scolded anyway.</p><p>Big tech and most admins want everyone to believe that "Let's Encrypt" is the only goal. Nearly 100% of tech people believe that.</p><p>And admins WANT to believe that, because reliable authentication of website owners is a PITA. They just love ACME and tell their website visitors to GFY.</p><p>People like you tooting nonsense get a lot of boosts. It's called fake news or big tech propaganda. If you know better, why don't you WRITE BETTER?</p><p>It has ruined the internet. Not for phun but purely for profit. And it is what ruins people's lives and lets employees open the vdoor for ransomware and data-theft.</p><p>See also <a href="https://infosec.exchange/@ErikvanStraten/112914047006977222" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/112914047006977222</span></a> (and, in Dutch, <a href="https://security.nl/posting/881296" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">security.nl/posting/881296</span><span class="invisible"></span></a>).</p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>troyhunt</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>letsencrypt</span></a></span> </p><p><a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/AnonymousCertificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AnonymousCertificates</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/LetsAuthenticate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LetsAuthenticate</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LetsEncrypt</span></a> <a href="https://infosec.exchange/tags/Identity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Identity</span></a> <a href="https://infosec.exchange/tags/Authenticity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authenticity</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberCrime</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/Weak2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Weak2FA</span></a> <a href="https://infosec.exchange/tags/WeakMFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WeakMFA</span></a> <a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVcerts</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/ACME" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ACME</span></a> <a href="https://infosec.exchange/tags/USdependencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USdependencies</span></a> <a href="https://infosec.exchange/tags/USdependency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USdependency</span></a> <a href="https://infosec.exchange/tags/USdependent" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USdependent</span></a> <a href="https://infosec.exchange/tags/USAdependencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USAdependencies</span></a> <a href="https://infosec.exchange/tags/USAdependency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USAdependency</span></a> <a href="https://infosec.exchange/tags/USAdependent" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USAdependent</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>troyhunt</span></a></span> : if we open a website that we've never visited before, we need browsers to show us all available details about that website, and warn us if such details are not available.</p><p>We also need better (readable) certificates identifying the responsible / accountable party for a website.</p><p>We have been lied to that anonymous DV certificates are a good idea *also* for websites we need to trust. It's a hoax.</p><p>Important: certificates never directly warrant the trustworthyness of a website. They're about authenticity, which includes knowing who the owner is and in which country they are located. This helps ensuring that you can sue them (or not, if in e.g. Russia) which *indirectly* makes better identifiable websites more reliable.</p><p>More info in <a href="https://infosec.exchange/@ErikvanStraten/113079966331873386" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/113079966331873386</span></a> (see also <a href="https://crt.sh/?Identity=mailchimp-sso.com" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">crt.sh/?Identity=mailchimp-sso</span><span class="invisible">.com</span></a>).</p><p>Note: most people do not understand certificates, like <span class="h-card" translate="no"><a href="https://mastodon.social/@BjornW" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>BjornW</span></a></span> in <a href="https://mastodon.social/@BjornW/114064065891034415" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.social/@BjornW/114064</span><span class="invisible">065891034415</span></a>:<br>❝<br><span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>letsencrypt</span></a></span> offers certificates to encrypt the traffic between a website & your browser.<br>❞<br>2x wrong.</p><p>A TLS v1.3 connection is encrypted before the website sends their certificate, which is used only for *authentication* of the website (using a digital signature over unguessable secret TLS connection parameters). A cert binds the domain name to a public key, and the website proves possession of the associated private key.</p><p>However, for people a domain name simply does not suffice for reliable identification. People need more info in the certificate and it should be shown to them when it changes.</p><p>Will you please help me get this topic seriously on the public agenda?</p><p>Edited 09:15 UTC to add: tap "Alt" in the images for details.</p><p><a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVcerts</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/Certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Certificates</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mk.absturztau.be/@Linux" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Linux</span></a></span> : you're definitely not fearmongering.</p><p>Eugene Kaspersky warned many times for fragmentation of the internet, like in <a href="https://www.smh.com.au/technology/cyber-spying-risks-the-future-of-the-internet-eugene-kaspersky-20131107-hv2g1.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">smh.com.au/technology/cyber-sp</span><span class="invisible">ying-risks-the-future-of-the-internet-eugene-kaspersky-20131107-hv2g1.html</span></a> more than 11 years ago:<br>❝<br>Mr Kaspersky said he feared governments would withdraw to their own parallel networks away from the prying eyes of others, and would cease investing in the development of the public internet, products and services.<br>❞</p><p>(An IMO nice read on internet history: <a href="https://eugene.kaspersky.com/2017/02/07/internet-archaeology/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">eugene.kaspersky.com/2017/02/0</span><span class="invisible">7/internet-archaeology/</span></a>).</p><p>Personally I predicted many years ago that online identity fraud would cause too much damage soon.</p><p>Fortunately both predictions have not fully materialized, but we're definitely heading in the wrong direction.</p><p>Here's one example from many, severly undermining trust in the internet: <a href="https://www.bleepingcomputer.com/news/security/microsoft-trust-signing-service-abused-to-code-sign-malware/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/microsoft-trust-signing-service-abused-to-code-sign-malware/</span></a>.</p><p>It's not just TLD's: by far most digital certificates are issued by Big Tech with pompous names like "Google Trust Services" - most of them to criminal websites.</p><p>See also <a href="https://gist.githubusercontent.com/qbourgue/071c333ff5182f031da3ba55cc7da1ec/raw/ec4ba396c0d1052cc8b0a69c1bad1e0e5aef2ab6/malicious_domains_impersonating_reddit_wetransfer_selfau3_dropper_lumma_stealer_20012025.txt" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gist.githubusercontent.com/qbo</span><span class="invisible">urgue/071c333ff5182f031da3ba55cc7da1ec/raw/ec4ba396c0d1052cc8b0a69c1bad1e0e5aef2ab6/malicious_domains_impersonating_reddit_wetransfer_selfau3_dropper_lumma_stealer_20012025.txt</span></a> (src: <span class="h-card" translate="no"><a href="https://infosec.exchange/@_r_netsec" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>_r_netsec</span></a></span> in <a href="https://infosec.exchange/@_r_netsec/114211978370291738" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@_r_netsec/11</span><span class="invisible">4211978370291738</span></a>).</p><p><a href="https://infosec.exchange/tags/Kaspersky" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kaspersky</span></a> <a href="https://infosec.exchange/tags/Fragmentation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fragmentation</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVcerts</span></a></p>
Radio Azureus<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@ErikvanStraten" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ErikvanStraten</span></a></span> </p><p>Dankjewel voor deze verhelderende uitleg. Ik heb er niet bij stilgestaan dat door Cloudflare grote blokken van het internet letterlijk kunnen worden uitgeschakeld, door simpelweg een script te draaien</p><p><a href="https://mastodon.social/tags/Risico" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Risico</span></a> <a href="https://mastodon.social/tags/Economie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Economie</span></a> <a href="https://mastodon.social/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cloudflare</span></a> <a href="https://mastodon.social/tags/Fastly" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fastly</span></a> <a href="https://mastodon.social/tags/CDN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CDN</span></a> <a href="https://mastodon.social/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://mastodon.social/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://mastodon.social/tags/FISASection702" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FISASection702</span></a> <a href="https://mastodon.social/tags/FISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FISA</span></a> <a href="https://mastodon.social/tags/ThreeLetterAgencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreeLetterAgencies</span></a> <a href="https://mastodon.social/tags/Trump" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Trump</span></a> <a href="https://mastodon.social/tags/Sbowden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sbowden</span></a> <a href="https://mastodon.social/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a> <a href="https://mastodon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://mastodon.social/tags/VVD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VVD</span></a> <a href="https://mastodon.social/tags/PVV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PVV</span></a> <a href="https://mastodon.social/tags/CIDI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CIDI</span></a> <a href="https://mastodon.social/tags/VT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VT</span></a> <a href="https://mastodon.social/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirusTotal</span></a> <a href="https://mastodon.social/tags/DVCerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVCerts</span></a> <a href="https://mastodon.social/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://mastodon.social/tags/OV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OV</span></a> <a href="https://mastodon.social/tags/EV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EV</span></a> <a href="https://mastodon.social/tags/QWAC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>QWAC</span></a> <a href="https://mastodon.social/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberCrime</span></a> <a href="https://mastodon.social/tags/NepWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NepWebsites</span></a> <a href="https://mastodon.social/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@0xF21D" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>0xF21D</span></a></span> : Cloudflare is evil anyway.</p><p>Cloudflare reverse-proxies (or -proxied):</p><p>-<br>cloudflare.com.save-israel·org<br>-<br>ns.cloudflare.com.save-israel·org<br>-<br>albert.ns.cloudflare.com.save-israel·org<br>-<br>sydney.ns.cloudflare.com.save-israel·org<br>-</p><p>I don't know whether any of these domains were or are malicious, but such domain names are insane; expect evilness.</p><p>See also:<br><a href="https://crt.sh/?Identity=save-israel.org" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">crt.sh/?Identity=save-israel.o</span><span class="invisible">rg</span></a></p><p>Tap "Alt" in the images for more info.</p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@malanalysis" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>malanalysis</span></a></span> </p><p><a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/DVCerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVCerts</span></a> <a href="https://infosec.exchange/tags/DVCertsSuck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVCertsSuck</span></a> <a href="https://infosec.exchange/tags/BrowsersSuck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BrowsersSuck</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@0xF21D" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>0xF21D</span></a></span> wrote: "[...] something we technically knew was going on before but didn't consciously consider a threat, until now."</p><p>I've been warning for CDN's like Cloudflare and Fastly (and cloud providers in general) for a long time.</p><p>Here's a recent toot (in Dutch, the "translate" button should do the job): <a href="https://infosec.exchange/@ErikvanStraten/114042082778156313" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114042082778156313</span></a>.</p><p>If you trust Google to translate it (guaranteed NOT error-free, it *may* work in other browsers than Chrome): <a href="https://infosec-exchange.translate.goog/@ErikvanStraten/114042082778156313?_x_tr_sl=nl&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec-exchange.translate.goo</span><span class="invisible">g/@ErikvanStraten/114042082778156313?_x_tr_sl=nl&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp</span></a></p><p>P.S. Fastly knows your <a href="https://infosec.exchange" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">infosec.exchange</span><span class="invisible"></span></a> login credentials.</p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@malanalysis" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>malanalysis</span></a></span> </p><p><a href="https://infosec.exchange/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cloudflare</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/Fastly" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fastly</span></a> <a href="https://infosec.exchange/tags/CDN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CDN</span></a> <a href="https://infosec.exchange/tags/TLSinterception" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TLSinterception</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.nl/@SandraDeHaan" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>SandraDeHaan</span></a></span> schreef: "Ook NL heeft zich afhankelijk gemaakt van Amerikaanse digitale infrastructuur (o.a. cloud-diensten)."</p><p>Daar waarschuw ik al langer voor (zie <a href="https://security.nl/posting/684958" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">security.nl/posting/684958</span><span class="invisible"></span></a> van 6-1-2021 toen ik de bestorming van het Capitool zag, en zie bovenaan die pagina).</p><p>En gisteren nog: <a href="https://infosec.exchange/@ErikvanStraten/114042082778156313" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114042082778156313</span></a></p><p>En de NL overheid gaat daar, op advies van "experts" (anoniem natuurlijk) gewoon in mee: <a href="https://security.nl/posting/876914" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">security.nl/posting/876914</span><span class="invisible"></span></a>.</p><p>Hoe NAÏEF kunnen we zijn?!</p><p>En waarom een EV-certificaat, bijv. van de Rabobank, 1FA (en DV nauwelijks veiliger dan DNS is - een notoir onveilig protocol): <a href="https://security.nl/posting/877247" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">security.nl/posting/877247</span><span class="invisible"></span></a>.</p><p>P.S. Helaas heb ik Bert Hubert moeten bliokken nadat hij IDF-propagandaspam uit Auschwitz had geboost.</p><p><a href="https://infosec.exchange/tags/Availability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Availability</span></a> <a href="https://infosec.exchange/tags/Beschikbaarheid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Beschikbaarheid</span></a> <a href="https://infosec.exchange/tags/Cinfidentiality" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cinfidentiality</span></a> <a href="https://infosec.exchange/tags/Vertrouwelijkheid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vertrouwelijkheid</span></a> <a href="https://infosec.exchange/tags/Integrity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Integrity</span></a> <a href="https://infosec.exchange/tags/Integriteit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Integriteit</span></a> <a href="https://infosec.exchange/tags/Authenticity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authenticity</span></a> <a href="https://infosec.exchange/tags/Authenticiteit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authenticiteit</span></a> <a href="https://infosec.exchange/tags/Risico" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Risico</span></a> <a href="https://infosec.exchange/tags/Economie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Economie</span></a> <a href="https://infosec.exchange/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cloudflare</span></a> <a href="https://infosec.exchange/tags/Fastly" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fastly</span></a> <a href="https://infosec.exchange/tags/CDN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CDN</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a>.<a href="https://infosec.exchange/tags/FISASection702" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FISASection702</span></a> <a href="https://infosec.exchange/tags/FISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FISA</span></a> <a href="https://infosec.exchange/tags/ThreeLetterAgencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreeLetterAgencies</span></a>#Trump <a href="https://infosec.exchange/tags/Sbowden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sbowden</span></a> <a href="https://infosec.exchange/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/VVD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VVD</span></a> <a href="https://infosec.exchange/tags/PVV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PVV</span></a> <a href="https://infosec.exchange/tags/CIDI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CIDI</span></a> <a href="https://infosec.exchange/tags/VT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VT</span></a> <a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirusTotal</span></a> <a href="https://infosec.exchange/tags/DVCerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVCerts</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/OV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OV</span></a> <a href="https://infosec.exchange/tags/EV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EV</span></a> <a href="https://infosec.exchange/tags/QWAC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>QWAC</span></a> <a href="https://infosec.exchange/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberCrime</span></a> <a href="https://infosec.exchange/tags/NepWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NepWebsites</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a></p>
Erik van Straten<p>Risico Cloudflare (+Trump)</p><p>Toevoeging 21 maart 2025 {<br>Cloudflare bekijkt uw wachtwoorden (en 2FA codes), en zou daarmee desgewenst als u kunnen inloggen op uw accounts. Ze geven dat impliciet zelf toe: <a href="https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.cloudflare.com/password-r</span><span class="invisible">euse-rampant-half-user-logins-compromised/</span></a>. Bron: <a href="https://benjojo.co.uk/u/benjojo/h/cR4dJWj3KZltPv3rqX" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">benjojo.co.uk/u/benjojo/h/cR4d</span><span class="invisible">JWj3KZltPv3rqX</span></a>.<br>}</p><p>🌦️ Achter Cloudflare<br>Steeds meer websites zitten "achter" het Amerikaanse bedrijf Cloudflare. Stel u opent <a href="https://pvv.nl" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pvv.nl</span><span class="invisible"></span></a> (let op, daar staat https:// vóór, Mastodon verstopt dat) in uw browser:</p><p> browser <-1-> Cloudflare <-2-> <a href="https://pvv.nl" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pvv.nl</span><span class="invisible"></span></a></p><p>⛓️💥 Géén E2EE<br>Bij zeer veel websites (<a href="https://pvv.nl" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">pvv.nl</span><span class="invisible"></span></a> is een voorbeeld) is er sprake van twee *verschillende* verbindingen, dus beslist geen E2EE = End-to-End-Encryption (voor zover dat überhaupt nog wat zegt als de "echte" een cloud-server van Google, Microsoft of Amazon is).</p><p>🕋 CDN's<br>Cloudflare, een CDN (Content Delivery Network), heeft een wereldomspannend netwerk met "tunnel"-servers in computercentra van de meeste internetproviders. Waarschijnlijk ook bij u "om de hoek".</p><p>🔥 DDoS-aanvallen<br>Dat is werkt uitstekend tegen DDoS (Distributed Denial of Service) aanvallen. Ook zorgen CDN's voor veel snellere communicatie (mede doordat plaatjes e.d. op een web van servers "gecached" worden) - ook als de "echte" server aan de andere kant van de wereld staan.</p><p>🚨 Nadelen<br>Maar dit is NIET zonder prijs! Cloudflare kan namelijk *meekijken* in zeer veel "versleuteld" netwerkverkeer (en dat zelfs, desgewenst, wijzigen).</p><p>🚦 Nee, niet *u*<br>Ook kunnen Cloudflare-klanten allerlei regels instellen waar bezoekers aan moeten voldoen, en hen als "ongewenst" bezoek blokkeren (ook *criminele* klanten maken veelvuldig gebruik van deze mogelijkheid, o.a. om te voorkómen dat de makers van virusscanners nepwebsites op kwaadaardige inhoud kunnen checken).<br>Aanvulling 14:39: { zo kan ik, met Firefox Focus onder Android, <a href="https://cidi.nl" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">cidi.nl</span><span class="invisible"></span></a> *niet* openen, ik zie dan een pagina waarin o.a. staat "Even geduld, de website van Centrum Informatie en Documentatie Israël (CIDI) is aan het verifiëren of de verbinding veilig is. Please unblock challenges.cloudflare.com to proceed."<br>}</p><p>😎 Men In Black<br>Omdat Cloudflare een (tevens) in de VS gevestigd bedrijf is, moeten zij voldoen aan de Amerikaanse FISA section 702 wetgeving. Dat betekent dat hen opgedragen kan worden om internetverkeer te monitoren, en zij daar een zwijgplicht over hebben. Terwijl Amerikanen al minder privacy-rechten hebben dan Europeanen, hebben *niet*-Amerikanen *nul* privacyrechten volgens genoemde FISA wet.</p><p>🔓 Knip<br>Dat https-verbindingen via Cloudflare niet E2EE zijn, blijkt uit onderstaand plaatje (dat vast méér mensen wel eens gezien hebben).</p><p>📜 Certificaten en foutmeldingen<br>Dat plaatje kan, zonder certificaatfoutmeldingen, ALLEEN bestaan als Cloudflare een geldig authenticerend website-certificaat (een soort paspoort) heeft voor, in dit geval, <a href="https://bleepingcomputer.com" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">bleepingcomputer.com</span><span class="invisible"></span></a> - en dat hébben ze. Voor MILJOENEN websites.</p><p>🛃 MitM<br>Cloudflare (maar ook anderen, zoals Fastly) zijn een MitM (Man in the Middle).</p><p>🤔 De tweede verbinding?<br>Uw browser heeft, grotendeels transparant, een E2EE-verbinding met een Cloudflare server. U heeft géén idee wat voor soort verbinding Cloudflare met de werkelijke website heeft (is dat überhaupt https, en een veilige variant daarvan? Wat doet Cloudflare als het certificaat van de website verlopen is? Etc).</p><p>👽 AitM<br>En zodra een MitM kwaadaardig wordt, noemen we het een AitM (A van Attacker of Adversary).</p><p>🗽 Trump<br>Als Trump Cloudflare opdraagt om geen diensten meer aan NL of EU te leveren, werkt hier HELEMAAL NIETS MEER en dondert onze economie als een kaartenhuis in elkaar.</p><p>🃏 DV-certs<br>Dat Cloudflare een website-certificaat voor bijvoorbeeld <a href="https://vvd.nl" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">vvd.nl</span><span class="invisible"></span></a> of <a href="https://cidi.nl" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">cidi.nl</span><span class="invisible"></span></a> heeft verkregen, zou vreemd moeten zijn. Dit is echter een peuleschil "dankzij" DV (Domain Validated) certificaten (het lievelingetje van Google) die het internet steeds onveiliger maken en waar ook onze overheid "voor gevallen is" (zie <a href="https://infosec.exchange/@ErikvanStraten/114032329847123742" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/114032329847123742</span></a>).</p><p>😱 Nepwebsites<br>Maar dit is nog niet alles: steeds meer criminele nepwebsites *verstoppen* zich achter Cloudflare, waar zijzelf (crimineel) geld aan verdient. Zie bijvoorbeeld <a href="https://security.nl/posting/876655" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">security.nl/posting/876655</span><span class="invisible"></span></a> (of kijk eens in het "RELATIONS" tabblad van <a href="https://www.virustotal.com/gui/ip-address/188.114.96.0/relations" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/ip-address/</span><span class="invisible">188.114.96.0/relations</span></a> en druk enkele keren op •••).</p><p><a href="https://infosec.exchange/tags/Risico" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Risico</span></a> <a href="https://infosec.exchange/tags/Economie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Economie</span></a> <a href="https://infosec.exchange/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cloudflare</span></a> <a href="https://infosec.exchange/tags/Fastly" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fastly</span></a> <a href="https://infosec.exchange/tags/CDN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CDN</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/FISASection702" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FISASection702</span></a> <a href="https://infosec.exchange/tags/FISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FISA</span></a> <a href="https://infosec.exchange/tags/ThreeLetterAgencies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreeLetterAgencies</span></a> <a href="https://infosec.exchange/tags/Trump" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Trump</span></a> <a href="https://infosec.exchange/tags/Sbowden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sbowden</span></a> <a href="https://infosec.exchange/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/VVD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VVD</span></a> <a href="https://infosec.exchange/tags/PVV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PVV</span></a> <a href="https://infosec.exchange/tags/CIDI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CIDI</span></a> <a href="https://infosec.exchange/tags/VT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VT</span></a> <a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirusTotal</span></a> <a href="https://infosec.exchange/tags/DVCerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVCerts</span></a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DV</span></a> <a href="https://infosec.exchange/tags/OV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OV</span></a> <a href="https://infosec.exchange/tags/EV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EV</span></a> <a href="https://infosec.exchange/tags/QWAC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>QWAC</span></a> <a href="https://infosec.exchange/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberCrime</span></a> <a href="https://infosec.exchange/tags/NepWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NepWebsites</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a></p>
Erik van Straten<p>Fsck de overheid: "Het automatiseren van certificaatbeheer door de overheid op basis van ACME zorgt voor het efficiënter en betrouwbaarder verkrijgen, vernieuwen en intrekken van TLS-certificaten. Dit maakt de digitale overheid betrouwbaarder, wendbaarder en minder leveranciersafhankelijk", aldus de experts. "Daarnaast vermindert het gebruik van ACME de beheerlast voor het beheer van TLS-certificaten."<br><a href="https://www.security.nl/posting/876900/ACME+voor+uitgifte+tls-certificaten+wordt+mogelijk+verplicht+voor+overheid" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">security.nl/posting/876900/ACM</span><span class="invisible">E+voor+uitgifte+tls-certificaten+wordt+mogelijk+verplicht+voor+overheid</span></a>.</p><p>In een tijd waarin burgers, online, met steeds hogere betrouwbaarheid moeten authenticeren (o.a. voor online leeftijdsverificatie en binnenkort met eID's zoals EDIW/EUDIW), en de anonieme nepwebsites als paddenstoelen uit de grond schieten (*), is dit een *KRANKZINNIG* plan.</p><p>(*) Daarbij geen strobreed in de weggelegd door BigTech - integendeel: medeplichtigheid aan cybercrime is hun verdienmodel geworden.</p><p>Het grote risico hier zijn AitM- (Attacker in the Middle) aanvallen: nietsvermoedende mensen worden via een bericht of een Google zoekresultaat naar een nepwebsite gestuurd, die hen vraagt om bijv. een scan van hun paspoort te uploaden en een selfie-filmpje te maken.</p><p>Beide stuurt de nepwebsite echter dóór naar een echte website, zoals van een bank, bijv. om een lening af te sluiten. De AitM neemt dat geld op, waarna het slachtoffer opdraait voor de schuld.</p><p>Een ESSENTIËLE voorwaarde voor betrouwbare authenticatie is dat je de VERIFIEERDER kunt vertrouwen.</p><p>Of dat zo is, weet je nooit zeker (ook offline niet). Het beste alternatief is dat je weet *WIE* de verifieerder is, en hoe betrouwbaar diens identiteit is vaatgesteld. Dat is, zonder meer, vervelend en prijzig voor eigenaren van websites waar klanten, burgers of patiënten risicovolle transacties doen en/of er vertrouwelijke gegevens mee uitwisselen - maar enorm in het belang van bezoekers van dergelijke websites.</p><p>Betrouwbare authenticatie van (de juridisch aansprakelijke) eigenaar van een website m.b.v. een website-certificaat vormt *technisch* geen enkel probleem (dit *hadden* we al, maar is met een smoes gesloopt door Google).</p><p>In gratis certificaten, bijvoorbeeld van Let's Encrypt (zoals gebruikt door de nepwebsites in onderstaand plaatje) staat uitsluitend een volstrekt anonieme domeinnaam; je hebt dus geen idee wie verantwoordelijk is voor de website.</p><p>Juist bij overheidswebsites is het essentieel dat je weet dat het écht om een overheidswebsite gaat - iets dat bij de in het plaatje getoonde domeinnamen (ik heb de punt door + vervangen), zoals:</p><p>• afhandelen-belasting+com<br>• aflossen-belastingdienst+com</p><p>beslist *niet* het geval is.</p><p>En in de echte <a href="https://www.ggn.nl/contact/phishing/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">ggn.nl/contact/phishing/</span><span class="invisible"></span></a> kunt u voorbeelden zien van domeinnamen van nepwebsites, zoals ook te zien in onderstaand plaatje.</p><p>Kennelijk lukt het niemand om dergelijke criminele websites uit de lucht te halen, terwijl de misdadigers er probleemloos Let's Encrypt certificaten voor *blijven* verkrijgen - naast dat de naar phishing stinkende domeinnamen zonder blikken of blozen worden verhuurd en nooit worden ingetrokken. Dit is simpelweg de SNELSTE en GOEDKOOPSTE oplossing voor eigenaren van websites; de *BEZOEKERS* van die websites draaien op voor alle risico's.</p><p>Het onderstaande plaatje is van een Russische server, maar dit soort phishing websites vind je ook bij de vleet op door criminelen gehuurde servers van Google, Amazon, Microsoft, Digital Ocean, Cloudflare en kleinere westerse hostingbedrijven.</p><p>Ben ik nou ÉCHT DE ÉNIGE die vindt dat deze gecriminaliseerde puinhoop keihard moet worden aangepakt?</p><p>Zie mijn uitgebreide reactie in <a href="https://security.nl/posting/876914" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">security.nl/posting/876914</span><span class="invisible"></span></a> (beginnend met eenvoudige uitleg wat een website-certificaat is).</p><p>Nb. naast certificaatuitgevers moeten ook browsers en het CA/B-forum op de schop. Doen we dit allemaal niet, dan wordt verder digitaliseren een gigantische puinhoop met steeds meer slachtoffers van identiteitsfraude.</p><p><a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVcerts</span></a> <a href="https://infosec.exchange/tags/ACME" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ACME</span></a> <a href="https://infosec.exchange/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LetsEncrypt</span></a> <a href="https://infosec.exchange/tags/NepSites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NepSites</span></a> <a href="https://infosec.exchange/tags/NepWebSites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NepWebSites</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Scams" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Scams</span></a> <a href="https://infosec.exchange/tags/IdentiteitsFraude" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IdentiteitsFraude</span></a> <a href="https://infosec.exchange/tags/Authenticatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authenticatie</span></a> <a href="https://infosec.exchange/tags/Impersonatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonatie</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/FakeWebSites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebSites</span></a> <a href="https://infosec.exchange/tags/AnoniemeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AnoniemeWebsites</span></a> <a href="https://infosec.exchange/tags/AnonymousWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AnonymousWebsites</span></a> <a href="https://infosec.exchange/tags/OnlineAuthenticatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OnlineAuthenticatie</span></a> <a href="https://infosec.exchange/tags/LeeftijdVerificatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LeeftijdVerificatie</span></a> <a href="https://infosec.exchange/tags/OnlineLeeftijdVerificatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OnlineLeeftijdVerificatie</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/OnlineAuthentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OnlineAuthentication</span></a> <a href="https://infosec.exchange/tags/AgeVerification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AgeVerification</span></a> <a href="https://infosec.exchange/tags/OnlineAgeVerification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OnlineAgeVerification</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/Evilginx2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Evilginx2</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://mastodon.social/@dianasusanti" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>dianasusanti</span></a></span> : w.r.t. Indonesian speaking people, the image below that I just made shows another fake site - which will look familiar to Android users.</p><p>Note that it has a website certificate submitted by "Google Trust Services" while the site hides behind a Cloudflare IP-address.</p><p>It is not surprising that people fall for this, as (for example), to log in to Microsoft you have to go to:</p><p> https:⧸⧸login.microsoftonline.com</p><p>Instead of, any of, for example:</p><p> https:⧸⧸login.microsoft.com<br> https:⧸⧸login.365.microsoft.com<br> https:⧸⧸login.office.microsoft.com</p><p>Another scamwebsite:</p><p> https:⧸⧸lîdl·be/login</p><p>Note the î instead of the i.</p><p>P.S. I'm using<br>· instead of . and<br>⧸ instead of /<br>to prevent accidental opening.</p><p><a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/Fraud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fraud</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/OnlineFraud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OnlineFraud</span></a> <a href="https://infosec.exchange/tags/DVCerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVCerts</span></a> <a href="https://infosec.exchange/tags/NobodyFeelsResponsible" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NobodyFeelsResponsible</span></a> <a href="https://infosec.exchange/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybercrime</span></a> <a href="https://infosec.exchange/tags/CyberCriminals" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberCriminals</span></a> <a href="https://infosec.exchange/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Russia</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/CloudflareIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudflareIsEvil</span></a> <a href="https://infosec.exchange/tags/MicrosoftIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MicrosoftIsEvil</span></a></p>
EntdeckenLive-Feeds
Mastodon ist der beste Zugang, um auf dem Laufenden zu bleiben.
Du kannst jedem im Fediverse folgen und alles in chronologischer Reihenfolge sehen. Keine Algorithmen, Werbung oder Clickbaits vorhanden.
Konto erstellenAnmeldenZum Hochladen hereinziehen